-rw-r--r-- | .gitmodules | 3 | ||||
-rw-r--r-- | README | 23 | ||||
-rw-r--r-- | controls/cf_serverd.cf | 3 | ||||
-rw-r--r-- | failsafe.cf | 21 | ||||
m--------- | modules | 0 |
5 files changed, 49 insertions, 1 deletions
diff --git a/.gitmodules b/.gitmodules index 1e41644..1afb3fd 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "lib"] path = lib url = gitolite3@10.1.0.254:cfengine_stdlib +[submodule "modules"] + path = modules + url = gitolite3@10.1.0.254:cfengine_modules @@ -14,3 +14,26 @@ git push legend master Then in your masterfiles repo: git submodule update --init --recursive + +cfengine modules +================ + +We have a second submodule for cfengine modules, also initialized from the master branch of the official github masterfiles. To update, run: + +git clone https://github.com/cfengine/masterfiles/ cfengine_stdlib +cd cfengine_masterfiles/ +git filter-branch --subdirectory-filter modules -- --all +git remote remove origin +git remote add legend gitolite3@10.1.0.254:cfengine_modules +git remote update +git push legend master + +Then in your masterfiles repo: + +git submodule update --init --recursive + +Note +==== +Submodules where initialized with : +git submodule add gitolite3@10.1.0.254:cfengine_stdlib lib +git submodule add gitolite3@10.1.0.254:cfengine_modules modules diff --git a/controls/cf_serverd.cf b/controls/cf_serverd.cf index f0ecac1..38ff3ac 100644 --- a/controls/cf_serverd.cf +++ b/controls/cf_serverd.cf @@ -22,6 +22,9 @@ bundle server access_rules() "$(sys.masterdir)" shortcut => "masterfiles", admit => { "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" }; + "$(sys.masterdir)/modules" + shortcut => "modules", + admit => { "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" }; "/bin/sh" admit => { "$(sys.policy_hub)" }; roles: diff --git a/failsafe.cf b/failsafe.cf index 354e000..ba33f7d 100644 --- a/failsafe.cf +++ b/failsafe.cf 
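Review bot: The added `"$(sys.masterdir)/modules"` rule in access_rules() repeats the whole RFC 1918 `admit` list for a directory whose contents clients are meant to run, so every host in 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 that cf-serverd accepts can fetch it. The path already sits under `$(sys.masterdir)`, which the rule above admits to the same ranges, so the new rule appears to add only the `modules` shortcut while creating a second copy of the list that can drift. I would narrow both lists to the subnets the managed hosts actually use and keep them in one slist expanded by both rules, with a line such as `# modules/ is executable content: keep this admit list as tight as masterfiles` above the new rule. The bundle starts and continues outside the hunk, so connection-level controls such as allowed hosts and key trust cannot be checked from here.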
@@ -52,6 +52,7 @@ bundle agent failsafe_update { "$(sys.inputdir)" copy_from => failsafe_scp("$(masterfiles_dir_remote)"), depth_search => failsafe_recurse("inf"), + action => failsafe_u_immediate, file_select => failsafe_exclude_vcs_files, classes => failsafe_results("namespace", "inputdir_update"); inputdir_update_error:: @@ -62,6 +63,14 @@ bundle agent failsafe_update { classes => failsafe_results("namespace", "inputdir_update"), comment => "If we failed to fetch policy we try again using the legacy default in case we are fetching policy from a hub that is not serving masterfiles via a shortcut."; + !am_policy_hub:: + "$(sys.workdir)/modules" + copy_from => failsafe_scp("modules"), + depth_search => failsafe_recurse("inf"), + perms => failsafe_u_m("755"), + action => failsafe_u_immediate, + file_select => failsafe_exclude_vcs_files, + classes => failsafe_results("namespace", "modulesdir_update"); processes: !(windows|systemd):: "cf-serverd" restart_class => "cf_serverd_not_running"; @@ -72,7 +81,7 @@ bundle agent failsafe_update { "$(sys.cf_execd)" classes => failsafe_results("namespace", "cf_execd_running"); cf_serverd_not_running:: "$(sys.cf_serverd)" classes => failsafe_results("namespace", "cf_serverd_running"); - !cfengine3_service_running:: + !cfengine3_service_running|(systemd.inputdir_update_repaired):: "/bin/systemctl restart cfengine3" contain => failsafe_noshell_and_silent, classes => failsafe_results("namespace", "systemctl_restart_cfengine3"); @@ -180,3 +189,13 @@ body contain failsafe_noshell_and_silent useshell => "noshell"; no_output => true; } + +body perms failsafe_u_m(p) +{ + mode => "$(p)"; +} + +body action failsafe_u_immediate +{ + ifelapsed => "0"; +} diff --git a/modules b/modules new file mode 160000 +Subproject 98c6d3c37ffd4d2721be313e91786e5f55e2602 |
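Review bot: The new `"$(sys.workdir)/modules"` promise under `!am_policy_hub::` marks everything it copies as mode 755 across an unbounded `depth_search`, but `failsafe_u_m` (added in the last hunk of this file) sets only `mode`, so ownership of scripts the agent will execute is left to whatever the copy produces. I would pin it in the body with `owners => { "root" };`, and consider `failsafe_u_m("700")` if only the agent runs these files. `failsafe_scp` is defined outside the diff, so it is worth confirming there that the transfer compares by digest and is encrypted, and deciding whether modules deleted on the hub should be purged from clients rather than staying executable. As far as these hunks show, the `modulesdir_update` result classes are not used by any promise, so a failed module sync would go unreported.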
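Review bot: The widened guard `!cfengine3_service_running|(systemd.inputdir_update_repaired)::` has no comment saying why a policy update should restart the whole cfengine3 unit, and together with `ifelapsed => "0"` from `failsafe_u_immediate` on the `$(sys.inputdir)` copy (first hunk of this file) every repaired update now triggers `/bin/systemctl restart cfengine3` with no rate limit. If this failsafe run was itself launched by cf-execd inside that unit, the restart may terminate the agent part-way through; that depends on the unit file, which is not shown. I would add `comment => "Restart the service after a policy update so the daemons reload their inputs";` if that is the intent, and give the restart promise its own non-zero `ifelapsed`. The commands section starts outside the hunk.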